With penetration testing we look for security weaknesses and possibility to gaining access into the applications and data stored in the institution servers. The testing goes beyond the actual discovery of vulnerabilities into the work of actively exploiting vulnerabilities with advanced attack techniques to see if your infrastructure and IT data can be compromised.
It is typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure.
It is useful in evaluating the efficacy of defensive mechanism as well as end user adherence to security policies and the related consequences such incidents may have on the involved resources or operations.
The results will be presented to the security responsible to help them perform the necessary remediation actions by:
- Determining the viability of select attack vectors
- Identifying the high risk vulnerabilities hidden amongst a well sequenced attack against a set of lower-risk vulnerabilities
- Identifying vulnerabilities that are difficult or impossible to detect with vulnerability scanning
- Improving compliancy posture, e.g., PCI DSS – which requires both annual and ongoing penetration testing